An Immunity-inspired Relocation Method for Unknown Malware Detection

摘要

Malware is a type of software designed to gain unauthorized access to a computer system. Most malwares have a relocation module that gets the base address of the codes in execution environment to infect other programs, neither do most legitimate programs. Due to this unique characteristic, the malware relocation module can be extracted as an antibody in the immune systems to detect the specific antigens. We present a malware detection method inspired by biology immune system and the structure of malware relocation code. The experiment is conducted and the result shows that this approach not only has relatively higher detection rate of unknown malware than other methods, but also has better capability of self-adaptive and self-learning.